HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 137
Configuration guidelines, Configuration procedure, Enabling the SSH server function, Enabling
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 137 highlights
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the SSH server. Configuration guidelines • SSH supports locally generated DSA and RSA key pairs with default names rather than with specified names. For more information about the commands that are used to generate keys, see Security Command Reference. • The public-key local create rsa command generates a server key pair and a host key pair for RSA. SSH1 uses the public key in the server key pair of the SSH server to encrypt the session key before transmitting the session key. Because SSH2 uses the DH algorithm to separately generate the session key on the SSH server and the client, no session key transmission is required and thus the server key pair is not used in SSH2. • The public-key local create dsa command generates only a host key pair. SSH1 does not support the DSA algorithm. • The key modulus length must be less than 2048 bits when you use the public-key local create dsa command to generate the DSA key pair on the SSH server. Configuration procedure To generate local DSA or RSA key pairs on the SSH server: Step 1. Enter system view. 2. Generate local DSA or RSA key pairs. Command Remarks system-view N/A public-key local create { dsa | rsa } By default, no key pairs exist. Support for the dsa keyword depends on your device model. Enabling the SSH server function The SSH server function on the device allows clients to communicate with the device through SSH. The device that acts as an SSH server does not support SFTP or SCP connection initiated by an SSH1 client. To enable the SSH server function: Step 1. Enter system view. 2. Enable the SSH server function. Command system-view ssh server enable Remarks N/A By default, the SSH server function is disabled. Enabling the SFTP server function This SFTP server function enables clients to log in to the device through SFTP. To enable the SFTP server function: 128